我在系统上发现了有关用户注册和密码的信息。当我建立新用户时,我通过bcrypt散列密码。一切都保存到数据库中,但最近我发现我无法登录新创建的用户。我猜想密码有问题。注册时密码错误,但在更改密码时工作密码bcrypt
奇怪的,但当我与这个用户在忘记密码和添加新密码我能登录..用户注册和忘记密码使用相同的散列系统。这是注册过程以及如何保存密码:
这个 - >注册后我无法登录。
// included db connection, password hash file etc..
//hash the password
$hashedpassword = $user->password_hash($_POST['user_password'], PASSWORD_BCRYPT);
if(!isset($error)){
try {
$stmt = $pdo->prepare('INSERT INTO users (user_username, user_password, user_email) VALUES (:user_username, :hashedpassword, :user_email)');
$stmt->execute(array(
':user_username' => $_POST['user_username'],
':hashedpassword' => $hashedpassword,
':user_email' => $_POST['user_email']
));
} catch(PDOException $e) {
var_dump ($e->getMessage());
exit;
}
}
// html part
<div class="form-group">
<label class="control-label col-sm-2" for="password">Password:</label> private function get_user_hash($username){
try {
$stmt = $this->_db->prepare("SELECT user_password FROM users WHERE user_username = :username AND active='Yes'");
$stmt->execute(array('username' => $username));
$row = $stmt->fetch();
return $row['user_password'];
} catch(PDOException $e) {
echo '<p class="bg-danger">'.$e->getMessage().'</p>';
}
}
public function login($username,$password){
$hashed = $this->get_user_hash($username);
if($this->password_verify($password,$hashed) == 1){
$_SESSION['loggedin'] = true;
return true;
}
}
<div class="col-sm-10">
<input type="password" class="form-control" name="user_password" id="user_password" placeholder="Enter password">
</div>
</div>
重置密码。 这个 - >我可以在密码更改后登录。
if(!isset($error)){
//hash the password
$hashedpassword = $user->password_hash($_POST['user_password'], PASSWORD_BCRYPT);
try {
$stmt = $pdo->prepare("UPDATE users SET user_password = :hashedpassword, resetComplete = 'Yes', active='Yes' WHERE resetToken = :token");
$stmt->execute(array(
':hashedpassword' => $hashedpassword,
':token' => $row['resetToken']
));
//redirect to index page
header('Location: index.php?action=resetAccount');
exit;
//else catch the exception and show the error.
} catch(PDOException $e) {
$error[] = $e->getMessage();
}
}
<div class="input-group input-group-lg">
<span class="input-group-addon"><i class="glyphicon glyphicon-lock red"></i></span>
<input type="password" class="form-control" name="user_password" id="user_password" placeholder="Enter your new password"/>
</div>
<div class="input-group input-group-lg">
<span class="input-group-addon"><i class="glyphicon glyphicon-lock red"></i></span>
<input type="password" class="form-control" name="passwordConfirm" id="passwordConfirm" placeholder="Re-enter your new password" />
</div>
我没有看到任何不同。他们都使用相同的数据库连接,相同的数据库表,相同的密码散列文件。我不知道该怎么办。
更新:密码的数据库字段是VARCHAR(120)
所以它有足够的空间来散列。此外,我敢肯定,前1-2周,全是因为我创造了一些帐户..我不会改变任何东西,现在我无法登录..
UPDATE2完美工作: user.php的..
include('password.php');
$pdo = Database::connect();
class User extends Password{
private $_db;
function __construct($pdo){
parent::__construct();
$this->_db = $pdo;
}
private function get_user_hash($username){
try {
$stmt = $this->_db->prepare("SELECT user_password FROM users WHERE user_username = :username AND active='Yes'");
$stmt->execute(array('username' => $username));
$row = $stmt->fetch();
return $row['user_password'];
} catch(PDOException $e) {
echo '<p class="bg-danger">'.$e->getMessage().'</p>';
}
}
public function login($username,$password){
$hashed = $this->get_user_hash($username);
if($this->password_verify($password,$hashed) == 1){
$_SESSION['loggedin'] = true;
return true;
}
}
的index.php其中登录表单
//html part
<div class="input-group input-group-lg">
<span class="input-group-addon"><i class="glyphicon glyphicon-lock red"></i></span>
<input type="password" class="form-control" name="password" id="password" placeholder="password" />
</div>
// php part
// include database, user.php
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($user->login($username,$password)){
$id=$user->login_user_id($username);// get user id
$permissions=$user->login_user_permissions($username);// get user role
$_SESSION['user_id'] = $id;// assing user_id to session
$_SESSION['user_username'] = $username;
$_SESSION['user_role'] = $permissions;
header('Location: admin/index.php');
exit;
} else {
header('Location: index.php');
echo '';
}
}
添加代码,您尝试使用密码登录和用户crdential –
我忘了它..对不起。只需一秒钟。 –
是'$ user-> password_hash()'传递给'password_hash()'? – Scuzzy